physical security
* Malware
* Botnets
* Secure Programming
* Hacker Spaces
* Application and Protocol Fuzzing
* Physical Security
* Virtualization
* Webapp Security
* DataBase Security
* "the" Cloud
* Cryptography
# Cloud Security
# 3G/4G/WIMAX Security
# File System Security
# SS7/GSM/VoIP Security
# Smart Card and Physical Security
# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
* Forensics and Incident Response
* WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
* Cryptography
* Hardware Hacking
* Malware Analysis
* Lock Picking / Physical Security
HITB Magazine is a deep-knowledge technical magazine. Articles that are more technical or that discuss new and never before seen attack methods are of more interest than a subject that has been covered several times before. Please send your article to editorial@hackinthebox.org
Submissions for issue #5 due no later than 3rd January 2011
+---------------------------------------+
Fixed 3.1.1 and 3.0.9 Mediator Framework software can be downloaded
from the Software Center on http://www.cisco.com by visiting
http://www.cisco.com/cisco/psn/web/download/index.html and navigating
to Physical Security and Building Systems > Smart Connected
Buildings > Cisco Network Building Mediator.
To obtain fixed 1.5.1 and 2.2 Mediator Framework software and
configTOOL version 3.1.0b1 contact Cisco TAC.
is across the street from the convention center.
SELECTED TRAINING COURSES:
Deviant Ollam - 1 Day Course
\__Mastery of Physical Security
Joe McCray - 2 Day Course
\__Crash Course on Penetration Testing & Web Application Security
Jared DeMott - 3 Day Course
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# WIMAX Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
Opensource Intelligence Gathering For Pentesting - Chema Alonso (Informática64)
Using Network Forensics for Incident Response and Malware Analysis -
Gabe Martinez & Ray Carney (Netwitness)
Python for hackers, by Sebastián Fernandez and Matías Soler (Immunity)
Breaking Windows, by Agustín Gianni and Franco Riccobaldi (Immunity)
Lock picking & Physical Security - from novice to master in two days,
by Deviant Ollam (TOOOL)
SAP Security In-Depth, by Mariano Nuñez Di Croce (Onapsis)
Web Testing & Exploiting Workshop, by Andrés Riancho & Nahuel Grisolía (Bonsai)
Cracking WIFI for real by Cedric Blancher (EADS)
Hacking and Security in VoIP by Giovanni Cruz Forero (BASE4)
* Malware/ BotNets
* User awareness/ Social Networking Threats
* Secure Programming
* Hacker Spaces/ hacker community
* Fuzzing
* Physical Security
* Virtualization
* Webapp Security
* "the" Cloud
* Cryptography / Obfuscation
* Infrastructure and Critical Systems
# Side Channel Analysis of Hardware Devices
# Applications of cryptographic techniques
# HSDPA / CDMA Security / WIMAX Security
# Apple / OS X security vulnerabilities
# Next generation attacks and exploits
# Smart Card and Physical Security
# SS7/Backbone telephony networks
# Network Protocol and Analysis
# File system security
# Exploit Analysis
# Cloud Security
Conference Tracks (17 – 18 Nov, 2009)
You can submit your response for any of the following three conference tracks:
* CT 1 - Application, Database & Web Security
* CT 2 - Infrastructure Security (Network / Wireless / Bluetooth / Malware / Forensics / Cyber-terrorism / Physical Security / Information warfare etc.)
* CT 3 - Risk Management / Compliance
Sessions will have to be delivered in any one of the following session formats for conference talks:
3G/4G/WIMAX Security
SS7/GSM/VoIP Security
Security of Medical Devices
Critical Infrastructure Security
Smartphone / Mobile Security
Smart Card and Physical Security
Network Protocols, Analysis and Attacks
Applications of Cryptographic Techniques
Side Channel Analysis of Hardware Devices
Analysis of Malicious Code / Viruses / Malware
Data Recovery, Forensics and Incident Response
# SS7/Backbone telephony networks
# VoIP security
# Data Recovery, Forensics and Incident Response
# HSDPA / CDMA Security / WIMAX Security
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
+ Hardware
- Embedded devices, consoles, femtocell
- Cellphones
- RFID, SDR (software defined radio)
- Side channel attacks
- Physical security (cameras, access control)
+ Protocol
- GSM / CDMA
+ Also of interest to us
- Privacy
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks,
hardware, software
# Virtualization and operating systems security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
# Web applications security and cryptographic
Caution!
We do not accept marketing, non-technical presentations aimed at
| Gateways | |
|----------------------------+-------------------------------|
| Cisco Physical Access | CSCtd03912 |
| Manager | |
|----------------------------+-------------------------------|
| Cisco Physical Security | CSCtd03920 |
| ISM | |
|----------------------------+-------------------------------|
| Cisco QoS Device Manager | CSCtd03923 |
| | |
|----------------------------+-------------------------------|
About Context Information Security
----------------------------------
Context Information Security Limited is a specialist information security consultancy based in London and Frankfurt. Context promotes the holistic approach to information security and helps clients to identify, assess and control their exposure to risk within the fields of IT, telephony and physical security. Context employs experienced information security professionals who are subject-matter experts in their various technical specialisms. Context works extensively within the finance, legal, defence and government sectors, delivering high-end information security projects to organisations for which security is a priority.
Web: www.contextis.co.uk
Email: disclosure@contextis.co.uk
>
> Good day to all of you,
>
> I'm having loads of troubles finding computer crimes' statistics (crimes
> that are related to physical security - eg. Login, root access, ntlm/sam,
> etc). I did some search on google and many other websites. But I've yet to
> encounter a statistics or survey for the mentioned above computer crime.
Australia. For more information, visit https://www.trustwave.com
About Trustwave SpiderLabs:
SpiderLabs(R) is the advanced security team at Trustwave focused on
application security, incident response, penetration testing, physical
security and security research. The team has performed over a thousand
incident investigations, thousands of penetration tests and hundreds of
application security tests globally. In addition, the SpiderLabs Research
team provides intelligence through bleeding-edge research and proof of
concept tool development to enhance Trustwave's products and services.
https://www.trustwave.com/spiderlabs
* Web application security
* Virtualization and cloud computing
* Innovative attack strategies
* Forensics
* Embedded devices
* Physical security and lock picking
* Biometrics
* Hardware hacking
* Phone phreaking
* Biohacking
* Open source software
- Reverse engineering (Software, Protocols, Hardware, Human)
- Exploit development and vulnerability assessment
- Data analysis and visualization techniques
- Crypto and anonymity
- Physical security countermeasures
- Graphics/demoscene
- K-RaD stuff
+ IF IT'S COOL, SEND IT +
- Techniques for development of secure software & systems
- Information about smartcard and RFID security and similars
- Lockpicking, trashing, physical security and urban exploration
- Hardware hacking, embedded systems and other electronic devices
- Mobile devices exploitation, Symbian, P2K and bluetooth technologies
processes in the host OS.
So, the only risk is from your hosting company's admins, and any
rational person would have already evaluated the assumption of risk and
chosen to *not* place sensitive, proprietary data on that box in the first
place. Remember, you have no physical security at that point, so all bets
are already off.
But, say you can accept that risk -- you can still eliminate that attack
vector by a) not running the guest utilities *or* b) not logging onto the
(virtual) local console. Please correct me if I'm wrong, but that's a
> physical attacks are typically considered low-risk, so I guess it's
> not found worth it.
There is a quite viable technical solution in the form of a patch which
solves most of these problems. Also, I heavily disagree that physical
security is of no importance. Nowadays, there are ways to achieve quite
good physical security using disk encryption and mechanisms which lock
the encrypted parts of the disk on demand (e.g. when closing the lid of
a notebook). Now, all of these mechanisms can be circumvented by
plugging an evil device which looks like an iPod, smells like an iPod
but fetches your keys from memory.
Web and Cloud Application Security Workshop
Instructor: Andre Gironda
Includes: Printed workbook, Build/setup/use of a virtual infrastructure
This cloud-web application security workshop covers web applications in various virtual infrastructures, primarily focused on defense, compliance, and incident response. First, we'll identify applications as if they had already been attacked. Then, we'll come up with a risk management plan based on incident data, compliance/regulations, as well as data classifications. We'll look at full-knowledge verification using web server configuration and content files, in addition to runtime and source code verification. We'll go over the various implications of pen-testing cloud-web applications. This will include a thorough look at the strengths and weaknesses of web application firewalls and application hardening practices. Finally, we'll perform mock verifications and discuss partnering with application developers.
Applied Physical Security - Lockpicking and Safecracking
Instructor: datagram
Includes: 1 lockpicking kit, 1 handcuff key, 1 practice deadbolt, 1 practice padlock
This course focuses on learning and applying techniques of lockpicking, key bumping, impressioning, decoding, bypass, and safe cracking against a variety of real world locks and safes. Common lock designs are examined for various weaknesses that allow different methods of attack, some of which are extremely fast and easy to perform. High security locks will also be examined so attendees can learn to spot good locks from bad locks when shopping for access control devices.
• Virtualization attacks
• Hardware disassembly and perversion
• Consumer electronic devices
• Application, host, and network security
• Telephony
• Physical security
• RFID
Topics for Build It! may include, but are not limited to, inventive
software & hardware SOLUTIONS in:
• Robotics and animatronics